This afternoon Commissioner Richard Thomas will appear before
the committee to give evidence about data protection and his
powers, which he is known to believe are too limited.
Last month HMRC lost 25 million names and addresses from the
child benefits database when two CDs were lost in transit between
government offices.
In the aftermath of that crisis Thomas was given a small measure
of the extra power he has been seeking, but he is known to believe
that a tougher data protection regime is essential.
Following the HMRC scandal, Gordon Brown announced that the
Information Commissioner's Office (ICO) would have the powers to
audit the data protection policies and practices of public
authorities without their permission.
Thomas had argued that he should have the power to raid any
organisation, not just governmental ones, without permission in
order to enforce better data protection. Currently he must seek the
agreement of an organisation before carrying out an audit.
"In the light of the admitted mishandling of private personal
data by Her Majesty's Revenue & Customs, the Committee will
hold a one-off evidence session with the Information Commissioner,"
said a statement from the Justice Select Committee.
"The Committee will explore issues connected with data
protection generally, as well as the Information Commissioner's
enforcement and supervisory powers."
Thomas told the Home Affairs Select Committee earlier this year
that it was vital that he be given powers to search
organisations.
"People now understand that data protection is an essential
barrier to excessive surveillance," he said in May. "But it is
wrong that my office cannot find out what is happening in practice
without the consent of each organisation."
Prime Minister Gordon Brown told the House of Commons in the
wake of last month's scandal that "we will give the Information
Commissioner the power to spot check departments, to do everything
in his power and our power to secure the protection of data". The
ICO said that the details of the arrangements were unclear and
would be negotiated with the Department of Justice
The ICO also recently demanded the power to conduct a privacy
impact assessment of new surveillance and to be consulted before
new surveillance is carried out.
"It is essential that before new surveillance technologies are
introduced full consideration is given to the impact on individuals
and that safeguards are in place to minimise intrusion," he
said.
The depth of the problems facing the ICO were underlined late
yesterday when it emerged that Thomas was investigating evidence
supplied to him by The Times newspaper that more than 100 websites
are able to offer live credit card details of Britons for sale.
The data includes PINs, passwords and credit card numbers for as
little as £1 per card, and the ICO has said that the information it
has seen would be sufficient for a crook to spend money in someone
else's name.
